Attacking ADFS Endpoints with PowerShell

via YouTube

Overview

Explore attacking ADFS endpoints using PowerShell in this comprehensive conference talk from DerbyCon 2016. Dive into topics like identity providers, federation, and federated services. Learn about authentication bypass bugs, federation info retrieval, and login prompt manipulation. Examine Office 365 integration, managed federation, and automation techniques. Discover methods for handling multiple domains and claiming domains. Set up a test environment and explore PowerShell modules for AD and user enumeration. Witness live demonstrations and discuss future attack vectors, including dictionary attacks against federated accounts. Investigate pivoting to internal networks, exploiting single-factor VPNs, and leveraging malicious OneDrive documents, SharePoint, and Outlook rules. Conclude with attack mitigation strategies and a Q&A session.

Syllabus

Presentation Overview
About Karl
Pinball Repair
Hacker Jeopardy
Overview
ADFS
Identity Provider
Federation
Federated Services
Attack Walkthroughs
Authentication Bypass Bug
Get Federation Info
Login Prompt
Office 365
Managed Federation
Automation
Multiple Domains
Claim Domain
Fox News
Test Environment
Domain
Getting Office 365
Claiming the Domain
Enabling Federation
Skype Support
PowerShell Modules
AD PowerShell Module
User Enumeration
User Validation
PowerShell Setup
Screenshot
Demo
What's Next
Dictionary Attacks Against Federated Accounts
AD Tenant Demo
Pivoting to the Internal Network
Single-Factor VPN
Malicious OneDrive Documents
Malicious SharePoint
Malicious Outlook Rule
Attack Mitigations
Limiting Federation to Trusted Domains
Special Thanks
Questions
